Search

Language:  
Search for:

Available article translations:

How to configure TUN/TAP devices inside a container to install VPN software

Article ID: 696 
Created On: Oct 5, 2008
Last Review: Mar 12, 2013
Views:
Was this article helpful?
No Yes
APPLIES TO:
  • Parallels Virtuozzo Containers for Linux 4.7
  • Parallels Virtuozzo Containers for Linux 4.6
  • Parallels Virtuozzo Containers for Linux 4.0
  • Virtuozzo for Linux 3.x

Resolution

Follow the steps below to configure the TUN/TAP device in the container:

1. Make sure the tun module is loaded on the hardware node:
# lsmod | grep tun
tun                    18979  0

For RHEL3-based distributions load this module if necessary:
# modprobe tun
and add it into /etc/modules.conf.

For RHEL 4/5-based distributions create a separate file /etc/init.d/addtun, link it to the proper runlevel and make it executable:
[root@mypvc ~]# cat
#!/bin/bash
/sbin/modprobe tun
[root@mypvc ~]# ln -s /etc/init.d/loadtun /etc/rc3.d/S10addtun
[root@mypvc ~]# chmod +x /etc/init.d/loadtun

At next server reboot tun module should be loaded.

For RHEL/CentOS 6.x based distributions create a separate file /etc/sysconfig/modules/vztun.modules to let it load automatically during the boot time:
#!/bin/sh
/sbin/modprobe tun

This file should be executable. You can make it executable by running:
chmod +x /etc/sysconfig/modules/vztun.modules


This module tun is supposed to be loaded before the Virtuozzo service is started, so run
# service vz restart
to let Virtuozzo acknowledge this module's availability (all containers will be restarted). On SuSE-based systems, add  the tun module into the MODULES_LOADED_ON_BOOT variable in /etc/sysconfig/kernel file (it should be processed by the /etc/init.d/boot.loadmodules initialization script).


2. Allow the container to use the TUN/TAP device:
# vzctl set 101 --devices c:10:200:rw --save

In that case, you will receive the following error message:

Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)

Add required permission:
# vzctl set 101 --capability net_admin:on --save
Granting such capability should be considered for trusted environments only.


3. Create the device in the container:
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200


4. Set proper permissions for /dev/net/tun:
# vzctl exec 101 chmod 600 /dev/net/tun


5. Install VPN software, which requires TUN/TAP interface such as Virtual TUNnel or OpenVPN.



64d8d09669cff87d685a09b84f40c490 909d99074e442b52ce54cc7b31cf065d eb0ea3b827d18de2329b6477e24c1d59 177dc6fee28957c8ff798197ff2c6602 9b9439294978ca011521bd467a069524 219be54dff19e220f37105b0000118f4 9bccb04d0396d587d8123e5e12b4740e 2897d76d56d2010f4e3a28f864d69223

Was this article helpful?
No Yes
 
 
 
 
 
 
For Home
For Hosters
For SaaS
For IaaS
 
Desktop Virtualization
- Parallels Desktop 8 for Mac
- Parallels Transporter
- Parallels Mobile
- Parallels Desktop Switch to Mac Edition
- Parallels Desktop for Mac Enterprise Edition
- Parallels Management-Mac for Microsoft SCCM
Server Virtualization
- Parallels Cloud Server
- Parallels Containers for Windows 6.0 Beta
- Parallels Virtuozzo Containers
Automation
- Parallels Automation
- Parallels Automation for Cloud Infrastructure
- Parallels Business Automation Standard
- Parallels Virtual Automation
- Parallels Plesk Panel Suite
- Web Presence Builder
- Parallels Plesk Automation
- Parallels Small Business Panel
- Parallels Domain/SSL Reseller Program
- Value-added Services for Hosters
- Parallels Partner Storefront